@clavex/mcp-server 1.0.0

package/README.md

@@ -0,0 +1,107 @@
+# @clavex/mcp-server
+
+MCP server for the [Clavex Identity Platform](https://clavex.eu), enabling Claude (and any MCP-compatible AI client) to manage organizations, users, OIDC clients, identity providers, and auth policies via natural language.
+
+## Tools (~30 total)
+
+| Domain | Tools |
+|--------|-------|
+| **Organizations** | `clavex_list_orgs`, `clavex_get_org`, `clavex_create_org`, `clavex_update_org` |
+| **Users** | `clavex_list_users`, `clavex_get_user`, `clavex_create_user`, `clavex_update_user`, `clavex_delete_user`, `clavex_send_password_reset`, `clavex_list_user_roles` |
+| **Groups & Roles** | `clavex_list_groups`, `clavex_create_group`, `clavex_list_group_members`, `clavex_add_group_member`, `clavex_remove_group_member`, `clavex_list_roles`, `clavex_assign_role`, `clavex_unassign_role` |
+| **OIDC Clients** | `clavex_list_clients`, `clavex_get_client`, `clavex_create_client`, `clavex_update_client`, `clavex_rotate_client_secret` |
+| **Identity Providers** | `clavex_list_idps`, `clavex_get_idp` |
+| **Webhooks** | `clavex_list_webhooks`, `clavex_create_webhook`, `clavex_delete_webhook` |
+| **Auth Policies** | `clavex_list_policies`, `clavex_create_policy`, `clavex_delete_policy`, `clavex_simulate_policy` |
+| **API Keys** | `clavex_list_api_keys`, `clavex_create_api_key`, `clavex_delete_api_key` |
+| **Usage** | `clavex_get_usage` |
+
+## Setup
+
+### 1. Build
+
+```bash
+cd sdk/mcp
+npm install
+npm run build
+```
+
+### 2. Configure Claude Desktop
+
+Add to `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
+
+```json
+{
+  "mcpServers": {
+    "clavex": {
+      "command": "node",
+      "args": ["/path/to/clavex/sdk/mcp/dist/index.js"],
+      "env": {
+        "CLAVEX_BASE_URL": "https://auth.example.com",
+        "CLAVEX_TOKEN": "your-admin-jwt-token"
+      }
+    }
+  }
+}
+```
+
+Or use email + password auto-login:
+
+```json
+{
+  "mcpServers": {
+    "clavex": {
+      "command": "node",
+      "args": ["/path/to/clavex/sdk/mcp/dist/index.js"],
+      "env": {
+        "CLAVEX_BASE_URL": "https://auth.example.com",
+        "CLAVEX_EMAIL": "admin@example.com",
+        "CLAVEX_PASSWORD": "your-password"
+      }
+    }
+  }
+}
+```
+
+### 3. Configure Claude API (claude.ai Projects)
+
+In your project's MCP settings, point to this server with the same env variables.
+
+## Environment Variables
+
+| Variable | Required | Description |
+|----------|----------|-------------|
+| `CLAVEX_BASE_URL` | ✅ | Clavex server URL, e.g. `https://auth.example.com` |
+| `CLAVEX_TOKEN` | One of these | Pre-acquired JWT bearer token |
+| `CLAVEX_EMAIL` | One of these | Admin email for password-based login |
+| `CLAVEX_PASSWORD` | with EMAIL | Admin password |
+| `CLAVEX_ORG_SLUG` | optional | Org slug (omit for superadmin login) |
+
+## Example Prompts
+
+```
+Create a new organization for Acme Corp with slug "acme" and domain acme.com
+
+Register Grafana as an OIDC client in the acme org with redirect URI https://grafana.acme.com/login/generic_oauth
+
+Add alice@acme.com to the acme org and put her in the Admins group
+
+Block all logins from Russia and China for the acme organization
+
+Show me all active users in org <id>
+
+Simulate what would happen if a user from IP 1.2.3.4 (country: RU) tried to log into org <id>
+```
+
+## Testing
+
+```bash
+# Inspect available tools
+npx @modelcontextprotocol/inspector node dist/index.js
+```
+
+## Security Notes
+
+- **Never** commit `CLAVEX_TOKEN` or credentials to source control — use environment variables or secrets managers.
+- The `clavex_delete_user`, `clavex_delete_webhook`, and `clavex_delete_api_key` tools are marked `destructiveHint: true` — Claude will prompt for confirmation before executing them.
+- `client_secret` and API key secrets are returned only once at creation time and only over the MCP tool response (which is shown to you in the chat) — they are never logged.

package/dist/client.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Clavex API client used by all MCP tools.
+ * Reads credentials from environment variables:
+ *
+ *   CLAVEX_BASE_URL   — required, e.g. https://auth.example.com
+ *   CLAVEX_TOKEN      — pre-acquired JWT bearer token (preferred)
+ *
+ *   — or —
+ *
+ *   CLAVEX_EMAIL      — admin email (auto-login on first call)
+ *   CLAVEX_PASSWORD   — admin password
+ *   CLAVEX_ORG_SLUG   — org slug (omit for superadmin)
+ */
+export declare class ClavexAPIError extends Error {
+    readonly status: number;
+    readonly body: unknown;
+    constructor(status: number, body: unknown, message: string);
+}
+export declare class ClavexClient {
+    private readonly baseURL;
+    private token;
+    private loginPromise;
+    private readonly email;
+    private readonly password;
+    private readonly orgSlug;
+    constructor();
+    private ensureToken;
+    private doLogin;
+    request<T>(method: string, path: string, body?: unknown, auth?: boolean): Promise<T>;
+    get<T>(path: string): Promise<T>;
+    post<T>(path: string, body?: unknown): Promise<T>;
+    patch<T>(path: string, body: unknown): Promise<T>;
+    put<T>(path: string, body?: unknown): Promise<T>;
+    del<T>(path: string): Promise<T>;
+    orgPath(orgID: string, suffix: string): string;
+}
+export declare function getClient(): ClavexClient;
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,qBAAa,cAAe,SAAQ,KAAK;aAErB,MAAM,EAAE,MAAM;aACd,IAAI,EAAE,OAAO;gBADb,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,OAAO,EAC7B,OAAO,EAAE,MAAM;CAKlB;AAMD,qBAAa,YAAY;IACvB,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,KAAK,CAAqB;IAClC,OAAO,CAAC,YAAY,CAA8B;IAGlD,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAqB;IAC3C,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAqB;IAC9C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAqB;;YAY/B,WAAW;YAkBX,OAAO;IAUf,OAAO,CAAC,CAAC,EACb,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE,OAAO,EACd,IAAI,UAAO,GACV,OAAO,CAAC,CAAC,CAAC;IAsCb,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAGhC,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAGjD,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAGjD,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,CAAC,CAAC;IAGhD,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC;IAIhC,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,MAAM;CAG/C;AAKD,wBAAgB,SAAS,IAAI,YAAY,CAGxC"}

package/dist/client.js

@@ -0,0 +1,121 @@
+/**
+ * Clavex API client used by all MCP tools.
+ * Reads credentials from environment variables:
+ *
+ *   CLAVEX_BASE_URL   — required, e.g. https://auth.example.com
+ *   CLAVEX_TOKEN      — pre-acquired JWT bearer token (preferred)
+ *
+ *   — or —
+ *
+ *   CLAVEX_EMAIL      — admin email (auto-login on first call)
+ *   CLAVEX_PASSWORD   — admin password
+ *   CLAVEX_ORG_SLUG   — org slug (omit for superadmin)
+ */
+export class ClavexAPIError extends Error {
+    status;
+    body;
+    constructor(status, body, message) {
+        super(message);
+        this.status = status;
+        this.body = body;
+        this.name = "ClavexAPIError";
+    }
+}
+export class ClavexClient {
+    baseURL;
+    token;
+    loginPromise = null;
+    // Credential fields for auto-login
+    email;
+    password;
+    orgSlug;
+    constructor() {
+        const base = process.env.CLAVEX_BASE_URL;
+        if (!base)
+            throw new Error("CLAVEX_BASE_URL environment variable is required");
+        this.baseURL = base.replace(/\/+$/, "");
+        this.token = process.env.CLAVEX_TOKEN;
+        this.email = process.env.CLAVEX_EMAIL;
+        this.password = process.env.CLAVEX_PASSWORD;
+        this.orgSlug = process.env.CLAVEX_ORG_SLUG;
+    }
+    async ensureToken() {
+        if (this.token)
+            return;
+        if (!this.email || !this.password) {
+            throw new Error("Authentication required: set CLAVEX_TOKEN or CLAVEX_EMAIL + CLAVEX_PASSWORD");
+        }
+        if (!this.loginPromise) {
+            this.loginPromise = this.doLogin().then(() => {
+                this.loginPromise = null;
+            }).catch((e) => {
+                this.loginPromise = null;
+                throw e;
+            });
+        }
+        await this.loginPromise;
+    }
+    async doLogin() {
+        const resp = await this.request("POST", "/api/v1/auth/login", { org_slug: this.orgSlug, email: this.email, password: this.password }, false);
+        this.token = resp.token;
+    }
+    async request(method, path, body, auth = true) {
+        if (auth)
+            await this.ensureToken();
+        const headers = {
+            "Content-Type": "application/json",
+            Accept: "application/json",
+        };
+        if (auth && this.token) {
+            headers["Authorization"] = `Bearer ${this.token}`;
+        }
+        const res = await fetch(this.baseURL + path, {
+            method,
+            headers,
+            body: body !== undefined ? JSON.stringify(body) : undefined,
+        });
+        if (res.status === 204)
+            return undefined;
+        let resBody;
+        const ct = res.headers.get("content-type") ?? "";
+        if (ct.includes("application/json")) {
+            resBody = await res.json();
+        }
+        else {
+            resBody = await res.text();
+        }
+        if (!res.ok) {
+            const msg = typeof resBody === "object" && resBody !== null && "error" in resBody
+                ? String(resBody.error)
+                : String(resBody);
+            throw new ClavexAPIError(res.status, resBody, `${method} ${path} → ${res.status}: ${msg}`);
+        }
+        return resBody;
+    }
+    get(path) {
+        return this.request("GET", path);
+    }
+    post(path, body) {
+        return this.request("POST", path, body);
+    }
+    patch(path, body) {
+        return this.request("PATCH", path, body);
+    }
+    put(path, body) {
+        return this.request("PUT", path, body);
+    }
+    del(path) {
+        return this.request("DELETE", path);
+    }
+    orgPath(orgID, suffix) {
+        return `/api/v1/organizations/${orgID}${suffix}`;
+    }
+}
+// Singleton — created lazily on first tool call
+let _client = null;
+export function getClient() {
+    if (!_client)
+        _client = new ClavexClient();
+    return _client;
+}
+//# sourceMappingURL=client.js.map

package/dist/client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,OAAO,cAAe,SAAQ,KAAK;IAErB;IACA;IAFlB,YACkB,MAAc,EACd,IAAa,EAC7B,OAAe;QAEf,KAAK,CAAC,OAAO,CAAC,CAAC;QAJC,WAAM,GAAN,MAAM,CAAQ;QACd,SAAI,GAAJ,IAAI,CAAS;QAI7B,IAAI,CAAC,IAAI,GAAG,gBAAgB,CAAC;IAC/B,CAAC;CACF;AAMD,MAAM,OAAO,YAAY;IACN,OAAO,CAAS;IACzB,KAAK,CAAqB;IAC1B,YAAY,GAAyB,IAAI,CAAC;IAElD,mCAAmC;IAClB,KAAK,CAAqB;IAC1B,QAAQ,CAAqB;IAC7B,OAAO,CAAqB;IAE7C;QACE,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QACzC,IAAI,CAAC,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QAC/E,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QACtC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC;QACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;QAC5C,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC7C,CAAC;IAEO,KAAK,CAAC,WAAW;QACvB,IAAI,IAAI,CAAC,KAAK;YAAE,OAAO;QACvB,IAAI,CAAC,IAAI,CAAC,KAAK,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CACb,6EAA6E,CAC9E,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;YAC3B,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;gBACb,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;gBACzB,MAAM,CAAC,CAAC;YACV,CAAC,CAAC,CAAC;QACL,CAAC;QACD,MAAM,IAAI,CAAC,YAAY,CAAC;IAC1B,CAAC;IAEO,KAAK,CAAC,OAAO;QACnB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAC7B,MAAM,EACN,oBAAoB,EACpB,EAAE,QAAQ,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EACtE,KAAK,CACN,CAAC;QACF,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,OAAO,CACX,MAAc,EACd,IAAY,EACZ,IAAc,EACd,IAAI,GAAG,IAAI;QAEX,IAAI,IAAI;YAAE,MAAM,IAAI,CAAC,WAAW,EAAE,CAAC;QAEnC,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,kBAAkB;SAC3B,CAAC;QACF,IAAI,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACvB,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,IAAI,CAAC,KAAK,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,EAAE;YAC3C,MAAM;YACN,OAAO;YACP,IAAI,EAAE,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SAC5D,CAAC,CAAC;QAEH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG;YAAE,OAAO,SAAyB,CAAC;QAEzD,IAAI,OAAgB,CAAC;QACrB,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QACjD,IAAI,EAAE,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACpC,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;aAAM,CAAC;YACN,OAAO,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,MAAM,GAAG,GACP,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,IAAI,OAAO;gBACnE,CAAC,CAAC,MAAM,CAAE,OAAmC,CAAC,KAAK,CAAC;gBACpD,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YACtB,MAAM,IAAI,cAAc,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,IAAI,MAAM,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC,CAAC;QAC7F,CAAC;QAED,OAAO,OAAY,CAAC;IACtB,CAAC;IAED,GAAG,CAAI,IAAY;QACjB,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,CAAC,CAAC;IACtC,CAAC;IACD,IAAI,CAAI,IAAY,EAAE,IAAc;QAClC,OAAO,IAAI,CAAC,OAAO,CAAI,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC7C,CAAC;IACD,KAAK,CAAI,IAAY,EAAE,IAAa;QAClC,OAAO,IAAI,CAAC,OAAO,CAAI,OAAO,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC9C,CAAC;IACD,GAAG,CAAI,IAAY,EAAE,IAAc;QACjC,OAAO,IAAI,CAAC,OAAO,CAAI,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IACD,GAAG,CAAI,IAAY;QACjB,OAAO,IAAI,CAAC,OAAO,CAAI,QAAQ,EAAE,IAAI,CAAC,CAAC;IACzC,CAAC;IAED,OAAO,CAAC,KAAa,EAAE,MAAc;QACnC,OAAO,yBAAyB,KAAK,GAAG,MAAM,EAAE,CAAC;IACnD,CAAC;CACF;AAED,gDAAgD;AAChD,IAAI,OAAO,GAAwB,IAAI,CAAC;AAExC,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC,OAAO;QAAE,OAAO,GAAG,IAAI,YAAY,EAAE,CAAC;IAC3C,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/helpers.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Wraps a tool handler so API errors become user-facing error messages
+ * instead of crashing the MCP server.
+ */
+export declare function handleError<T>(fn: () => Promise<T>): Promise<{
+    content: Array<{
+        type: "text";
+        text: string;
+    }>;
+    isError?: boolean;
+}>;
+/** Format an array of objects as a readable Markdown table. */
+export declare function mdTable(rows: Record<string, unknown>[], cols?: string[]): string;
+//# sourceMappingURL=helpers.d.ts.map

package/dist/helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.d.ts","sourceRoot":"","sources":["../src/helpers.ts"],"names":[],"mappings":"AAEA;;;GAGG;AACH,wBAAsB,WAAW,CAAC,CAAC,EACjC,EAAE,EAAE,MAAM,OAAO,CAAC,CAAC,CAAC,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC,CAwBhF;AAED,+DAA+D;AAC/D,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,MAAM,CAShF"}

package/dist/helpers.js

@@ -0,0 +1,44 @@
+import { ClavexAPIError } from "./client.js";
+/**
+ * Wraps a tool handler so API errors become user-facing error messages
+ * instead of crashing the MCP server.
+ */
+export async function handleError(fn) {
+    try {
+        const result = await fn();
+        return {
+            content: [{ type: "text", text: typeof result === "string" ? result : JSON.stringify(result, null, 2) }],
+        };
+    }
+    catch (err) {
+        if (err instanceof ClavexAPIError) {
+            return {
+                content: [{ type: "text", text: `Error ${err.status}: ${err.message}` }],
+                isError: true,
+            };
+        }
+        if (err instanceof Error) {
+            return {
+                content: [{ type: "text", text: `Error: ${err.message}` }],
+                isError: true,
+            };
+        }
+        return {
+            content: [{ type: "text", text: `Unknown error: ${String(err)}` }],
+            isError: true,
+        };
+    }
+}
+/** Format an array of objects as a readable Markdown table. */
+export function mdTable(rows, cols) {
+    if (!rows.length)
+        return "_No results._";
+    const keys = cols ?? Object.keys(rows[0]);
+    const header = `| ${keys.join(" | ")} |`;
+    const sep = `| ${keys.map(() => "---").join(" | ")} |`;
+    const body = rows
+        .map((r) => `| ${keys.map((k) => String(r[k] ?? "—")).join(" | ")} |`)
+        .join("\n");
+    return [header, sep, body].join("\n");
+}
+//# sourceMappingURL=helpers.js.map

package/dist/helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"helpers.js","sourceRoot":"","sources":["../src/helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,EAAoB;IAEpB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,EAAE,EAAE,CAAC;QAC1B,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;SACzG,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,cAAc,EAAE,CAAC;YAClC,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,CAAC,MAAM,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBACxE,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;YACzB,OAAO;gBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;gBAC1D,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;QACD,OAAO;YACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,MAAM,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YAClE,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;AACH,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,OAAO,CAAC,IAA+B,EAAE,IAAe;IACtE,IAAI,CAAC,IAAI,CAAC,MAAM;QAAE,OAAO,eAAe,CAAC;IACzC,MAAM,IAAI,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,KAAK,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IACzC,MAAM,GAAG,GAAM,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;IAC1D,MAAM,IAAI,GAAK,IAAI;SAChB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;SACrE,IAAI,CAAC,IAAI,CAAC,CAAC;IACd,OAAO,CAAC,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACxC,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,24 @@
+#!/usr/bin/env node
+/**
+ * Clavex MCP Server — entry point
+ *
+ * Exposes ~30 tools for managing Clavex via natural language through Claude.
+ * Uses stdio transport (compatible with Claude Desktop, Claude API, MCP Inspector).
+ *
+ * Configuration via environment variables:
+ *
+ *   CLAVEX_BASE_URL   — required, e.g. https://auth.example.com
+ *   CLAVEX_TOKEN      — pre-acquired JWT bearer token  (preferred)
+ *
+ *   — or —
+ *
+ *   CLAVEX_EMAIL      — admin email (auto-login on first call)
+ *   CLAVEX_PASSWORD   — admin password
+ *   CLAVEX_ORG_SLUG   — org slug (omit for superadmin login)
+ *
+ * Usage:
+ *   node dist/index.js
+ *   npx @clavex/mcp-server
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;GAoBG"}

package/dist/index.js

@@ -0,0 +1,59 @@
+#!/usr/bin/env node
+/**
+ * Clavex MCP Server — entry point
+ *
+ * Exposes ~30 tools for managing Clavex via natural language through Claude.
+ * Uses stdio transport (compatible with Claude Desktop, Claude API, MCP Inspector).
+ *
+ * Configuration via environment variables:
+ *
+ *   CLAVEX_BASE_URL   — required, e.g. https://auth.example.com
+ *   CLAVEX_TOKEN      — pre-acquired JWT bearer token  (preferred)
+ *
+ *   — or —
+ *
+ *   CLAVEX_EMAIL      — admin email (auto-login on first call)
+ *   CLAVEX_PASSWORD   — admin password
+ *   CLAVEX_ORG_SLUG   — org slug (omit for superadmin login)
+ *
+ * Usage:
+ *   node dist/index.js
+ *   npx @clavex/mcp-server
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { registerOrgTools } from "./tools/orgs.js";
+import { registerUserTools } from "./tools/users.js";
+import { registerGroupTools } from "./tools/groups.js";
+import { registerClientTools } from "./tools/clients.js";
+import { registerIDPTools } from "./tools/idps.js";
+import { registerPolicyTools } from "./tools/policies.js";
+import { registerCIBATools } from "./tools/ciba.js";
+import { registerFGATools } from "./tools/fga.js";
+import { registerAccessReviewTools } from "./tools/access_reviews.js";
+import { registerSSFTools } from "./tools/ssf.js";
+import { registerAITools } from "./tools/ai.js";
+import { registerPAMTools } from "./tools/pam.js";
+import { registerDeveloperTools } from "./tools/developer.js";
+const server = new McpServer({
+    name: "clavex-mcp-server",
+    version: "1.2.0",
+});
+// Register all tool domains
+registerOrgTools(server);
+registerUserTools(server);
+registerGroupTools(server);
+registerClientTools(server);
+registerIDPTools(server);
+registerPolicyTools(server);
+registerCIBATools(server);
+registerFGATools(server);
+registerAccessReviewTools(server);
+registerSSFTools(server);
+registerAITools(server);
+registerPAMTools(server);
+registerDeveloperTools(server);
+// Connect via stdio (Claude Desktop / Claude API compatible)
+const transport = new StdioServerTransport();
+await server.connect(transport);
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AACpE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EAAE,gBAAgB,EAAE,MAAe,iBAAiB,CAAC;AAC5D,OAAO,EAAE,iBAAiB,EAAE,MAAc,kBAAkB,CAAC;AAC7D,OAAO,EAAE,kBAAkB,EAAE,MAAa,mBAAmB,CAAC;AAC9D,OAAO,EAAE,mBAAmB,EAAE,MAAY,oBAAoB,CAAC;AAC/D,OAAO,EAAE,gBAAgB,EAAE,MAAe,iBAAiB,CAAC;AAC5D,OAAO,EAAE,mBAAmB,EAAE,MAAY,qBAAqB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAc,iBAAiB,CAAC;AAC5D,OAAO,EAAE,gBAAgB,EAAE,MAAe,gBAAgB,CAAC;AAC3D,OAAO,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,gBAAgB,EAAE,MAAe,gBAAgB,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAgB,eAAe,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAe,gBAAgB,CAAC;AAC3D,OAAO,EAAE,sBAAsB,EAAE,MAAS,sBAAsB,CAAC;AAEjE,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;IAC3B,IAAI,EAAE,mBAAmB;IACzB,OAAO,EAAE,OAAO;CACjB,CAAC,CAAC;AAEH,4BAA4B;AAC5B,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACzB,iBAAiB,CAAC,MAAM,CAAC,CAAC;AAC1B,kBAAkB,CAAC,MAAM,CAAC,CAAC;AAC3B,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC5B,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACzB,mBAAmB,CAAC,MAAM,CAAC,CAAC;AAC5B,iBAAiB,CAAC,MAAM,CAAC,CAAC;AAC1B,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACzB,yBAAyB,CAAC,MAAM,CAAC,CAAC;AAClC,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACzB,eAAe,CAAC,MAAM,CAAC,CAAC;AACxB,gBAAgB,CAAC,MAAM,CAAC,CAAC;AACzB,sBAAsB,CAAC,MAAM,CAAC,CAAC;AAE/B,6DAA6D;AAC7D,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;AAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC"}

package/dist/tools/access_reviews.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerAccessReviewTools(server: McpServer): void;
+//# sourceMappingURL=access_reviews.d.ts.map

package/dist/tools/access_reviews.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"access_reviews.d.ts","sourceRoot":"","sources":["../../src/tools/access_reviews.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKpE,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA6JjE"}

package/dist/tools/access_reviews.js

@@ -0,0 +1,131 @@
+import { z } from "zod";
+import { getClient } from "../client.js";
+import { handleError, mdTable } from "../helpers.js";
+export function registerAccessReviewTools(server) {
+    // ── List access review campaigns ───────────────────────────────────────────
+    server.registerTool("clavex_list_access_reviews", {
+        title: "List Access Review Campaigns",
+        description: `List access review (access certification) campaigns for an organization.
+
+Access reviews are periodic or triggered campaigns where managers certify whether
+users should retain their roles and permissions (JML — Joiner/Mover/Leaver compliance).
+
+Returns: id, name, status (pending/active/completed/cancelled), starts_at, ends_at, item counts.
+
+Status values:
+  "pending"   — scheduled, not yet started
+  "active"    — in progress, items are awaiting reviewer decisions
+  "completed" — all items decided
+  "cancelled" — cancelled before completion
+
+Use when:
+  "show access review campaigns for org <id>"
+  "what reviews are currently active?"
+  "mostrami le campagne di access review"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id }) => handleError(async () => {
+        const campaigns = await getClient().get(getClient().orgPath(org_id, "/access-reviews"));
+        if (!Array.isArray(campaigns) || campaigns.length === 0) {
+            return "_No access review campaigns found._";
+        }
+        return mdTable(campaigns, ["id", "name", "status", "starts_at", "ends_at"]);
+    }));
+    // ── Create access review campaign ──────────────────────────────────────────
+    server.registerTool("clavex_create_access_review", {
+        title: "Create Access Review Campaign",
+        description: `Create a new access review (certification) campaign for an organization.
+
+A campaign generates one review item per (user, role) assignment in the org.
+Items are sent to reviewers who decide keep/revoke for each assignment.
+
+Args:
+  - org_id: Organization UUID
+  - name: Campaign name — e.g. "Q2 2026 Quarterly Access Review" or "Annual HR Certification"
+  - starts_at: ISO 8601 datetime when the campaign begins (e.g. "2026-06-01T00:00:00Z")
+  - ends_at: ISO 8601 datetime when the campaign expires — unreviewed items auto-revoke
+  - description (optional): Human-readable purpose of this campaign
+
+Returns: Created campaign JSON including the campaign_id.
+
+Use when:
+  "create a quarterly access review for org <id> starting June 1"
+  "lancia la campagna di access review trimestrale"
+  "schedule annual certification"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            name: z.string().describe("Campaign name, e.g. 'Q2 2026 Quarterly Review'"),
+            starts_at: z.string().describe("ISO 8601 start datetime, e.g. '2026-06-01T00:00:00Z'"),
+            ends_at: z.string().describe("ISO 8601 end/deadline datetime"),
+            description: z.string().optional().describe("Optional description of this review's scope"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ org_id, name, starts_at, ends_at, description }) => handleError(async () => {
+        const campaign = await getClient().post(getClient().orgPath(org_id, "/access-reviews"), { name, starts_at, ends_at, description });
+        return `Access review campaign created:\n\n${JSON.stringify(campaign, null, 2)}`;
+    }));
+    // ── Launch access review campaign ─────────────────────────────────────────
+    server.registerTool("clavex_launch_review", {
+        title: "Launch Access Review Campaign",
+        description: `Immediately launch (activate) an access review campaign, generating review items and sending notifications to reviewers.
+
+This moves the campaign from "pending" to "active" without waiting for the scheduled starts_at.
+Use this to trigger an unscheduled or emergency review.
+
+After launching:
+  - One review item is created per (user, role) assignment in the org
+  - Reviewer notification emails are sent
+  - The worker processes items on a 15-minute tick
+
+Args:
+  - org_id: Organization UUID
+  - campaign_id: UUID of the campaign to launch (use clavex_list_access_reviews to find it)
+
+Returns: Launched campaign JSON.
+
+Use when:
+  "lancia la campagna di access review trimestrale"
+  "launch access review <campaign_id> now"
+  "activate the pending access certification"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            campaign_id: z.string().uuid().describe("Campaign UUID to launch"),
+        },
+        annotations: { readOnlyHint: false, destructiveHint: false, idempotentHint: false },
+    }, async ({ org_id, campaign_id }) => handleError(async () => {
+        const campaign = await getClient().post(getClient().orgPath(org_id, `/access-reviews/${campaign_id}/launch`));
+        return `Campaign launched successfully:\n\n${JSON.stringify(campaign, null, 2)}`;
+    }));
+    // ── Get campaign items ────────────────────────────────────────────────────
+    server.registerTool("clavex_get_review_items", {
+        title: "Get Access Review Items",
+        description: `Get all items (user-role pairs) in an access review campaign along with their status.
+
+Each item represents one (user, role) assignment awaiting a keep/revoke decision.
+
+Returns: user_id, user_email, role_id, role_name, reviewer_email, decision, decided_at.
+
+Decision values:
+  null      — not yet reviewed
+  "keep"    — reviewer confirmed access should be retained
+  "revoke"  — reviewer decided access should be removed (processed by the worker)
+
+Use when:
+  "show items for campaign <id>"
+  "how many reviews are still pending?"
+  "quali utenti sono in attesa di revisione?"`,
+        inputSchema: {
+            org_id: z.string().uuid().describe("Organization UUID"),
+            campaign_id: z.string().uuid().describe("Campaign UUID"),
+        },
+        annotations: { readOnlyHint: true, destructiveHint: false },
+    }, async ({ org_id, campaign_id }) => handleError(async () => {
+        const items = await getClient().get(getClient().orgPath(org_id, `/access-reviews/${campaign_id}/items`));
+        if (!Array.isArray(items) || items.length === 0)
+            return "_No items found for this campaign._";
+        return mdTable(items, ["id", "user_email", "role_name", "reviewer_email", "decision", "decided_at"]);
+    }));
+}
+//# sourceMappingURL=access_reviews.js.map

package/dist/tools/access_reviews.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"access_reviews.js","sourceRoot":"","sources":["../../src/tools/access_reviews.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AACzC,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,UAAU,yBAAyB,CAAC,MAAiB;IACzD,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,4BAA4B,EAC5B;QACE,KAAK,EAAE,8BAA8B;QACrC,WAAW,EAAE;;;;;;;;;;;;;;;;0CAgBuB;QACpC,WAAW,EAAE;YACX,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;SACxD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,CACnB,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,SAAS,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CACrC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAC/C,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxD,OAAO,qCAAqC,CAAC;QAC/C,CAAC;QACD,OAAO,OAAO,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC;IAC9E,CAAC,CAAC,CACL,CAAC;IAEF,8EAA8E;IAC9E,MAAM,CAAC,YAAY,CACjB,6BAA6B,EAC7B;QACE,KAAK,EAAE,+BAA+B;QACtC,WAAW,EAAE;;;;;;;;;;;;;;;;;kCAiBe;QAC5B,WAAW,EAAE;YACX,MAAM,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5D,IAAI,EAAS,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;YAClF,SAAS,EAAI,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,sDAAsD,CAAC;YACxF,OAAO,EAAM,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gCAAgC,CAAC;YAClE,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;SAC3F;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,EAAE,EAAE,CAC1D,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,QAAQ,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CACrC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,iBAAiB,CAAC,EAC9C,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,CAC1C,CAAC;QACF,OAAO,sCAAsC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IACnF,CAAC,CAAC,CACL,CAAC;IAEF,6EAA6E;IAC7E,MAAM,CAAC,YAAY,CACjB,sBAAsB,EACtB;QACE,KAAK,EAAE,+BAA+B;QACtC,WAAW,EAAE;;;;;;;;;;;;;;;;;;;8CAmB2B;QACxC,WAAW,EAAE;YACX,MAAM,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5D,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,yBAAyB,CAAC;SACnE;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,KAAK,EAAE;KACpF,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,CAChC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,QAAQ,GAAG,MAAM,SAAS,EAAE,CAAC,IAAI,CACrC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,mBAAmB,WAAW,SAAS,CAAC,CACrE,CAAC;QACF,OAAO,sCAAsC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;IACnF,CAAC,CAAC,CACL,CAAC;IAEF,6EAA6E;IAC7E,MAAM,CAAC,YAAY,CACjB,yBAAyB,EACzB;QACE,KAAK,EAAE,yBAAyB;QAChC,WAAW,EAAE;;;;;;;;;;;;;;8CAc2B;QACxC,WAAW,EAAE;YACX,MAAM,EAAO,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC;YAC5D,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,QAAQ,CAAC,eAAe,CAAC;SACzD;QACD,WAAW,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE;KAC5D,EACD,KAAK,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,EAAE,EAAE,CAChC,WAAW,CAAC,KAAK,IAAI,EAAE;QACrB,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAC,GAAG,CACjC,SAAS,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,mBAAmB,WAAW,QAAQ,CAAC,CACpE,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,qCAAqC,CAAC;QAC9F,OAAO,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,YAAY,EAAE,WAAW,EAAE,gBAAgB,EAAE,UAAU,EAAE,YAAY,CAAC,CAAC,CAAC;IACvG,CAAC,CAAC,CACL,CAAC;AACJ,CAAC"}

package/dist/tools/ai.d.ts

@@ -0,0 +1,3 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+export declare function registerAITools(server: McpServer): void;
+//# sourceMappingURL=ai.d.ts.map

package/dist/tools/ai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai.d.ts","sourceRoot":"","sources":["../../src/tools/ai.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAKpE,wBAAgB,eAAe,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA8jBvD"}